Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A solid state drive comprising: a SDExpress memory device comprising: one or more Secure Digital mode password hidden blocks; and one or more Advanced Technology Attachment (ATA) password hidden blocks; and a controller coupled the memory device, the controller comprising: password conversion logic configured to convert, during booting of the solid state drive in non-volatile memory express (NVMe) operational mode, a password stored in the Secure Digital mode password hidden blocks to a password stored in the ATA password hidden blocks based on a password length, wherein the converted password enables user-mode memory blocks that were locked in Secure Digital operational mode to be accessed in NVMe operational mode.
2. The solid state drive of claim 1, wherein the Secure Digital mode password hidden blocks are different memory blocks than the ATA password hidden blocks.
Solid State Drive Security and Data Protection
This invention relates to solid state drives (SSDs) and addresses the need for secure data storage and access control. Specifically, it concerns methods for managing password-protected areas within an SSD, distinguishing between different security protocols. The system describes a solid state drive that implements password protection for certain memory blocks. This protection can be applied using different security modes, such as Secure Digital (SD) mode and Advanced Technology Attachment (ATA) mode. The core of this particular aspect of the invention is that the memory blocks designated as hidden or protected under the SD mode are distinct and separate from the memory blocks designated as hidden or protected under the ATA mode. This means that a password set for SD mode protection will not affect or grant access to blocks protected by ATA mode, and vice versa. This separation allows for granular control over data access and enhances security by preventing unauthorized access to sensitive information through different security interfaces or protocols. The drive manages these distinct password-hidden blocks independently, ensuring that security configurations for one mode do not inadvertently compromise the security of data protected by another mode.
3. The solid state drive of claim 1, wherein the password length is an integer number of bytes that is less than or equal to 32.
4. The solid state drive of claim 3, further comprising: the password conversion logic further configured to: on condition that the password length is not equal to 32 bytes, read a Secure Digital mode password from Secure Digital mode password hidden blocks and append to the Secure Digital mode password a number of zeros equal to a difference between 32 and the password length.
5. The solid state drive of claim 1, further comprising: logic to map a system memory area storing a media key block and a media identifier in a Secure Digital operational mode to a first replay-protected memory block and a second replay-protected memory block, respectively, in the NVMe operational mode.
6. The solid state drive of claim 5, further comprising logic to map a protected memory area storing an encrypted title key in the Secure Digital operational mode to a third replay-protected memory block in the NVMe operational mode.
A solid state drive (SSD) is configured to operate in both Secure Digital (SD) and Non-Volatile Memory Express (NVMe) operational modes. The SSD includes a protected memory area that stores an encrypted title key in the SD operational mode. The SSD further includes logic to map this protected memory area to a third replay-protected memory block when transitioning to the NVMe operational mode. This ensures that the encrypted title key remains secure and accessible in both modes, preventing unauthorized access or tampering. The SSD may also include additional replay-protected memory blocks for storing other sensitive data, such as a media key block and a device key block, which are similarly protected in both operational modes. The logic ensures seamless and secure data access across different operational modes while maintaining the integrity and confidentiality of stored encryption keys. This design is particularly useful in devices requiring secure storage and multi-mode functionality, such as gaming consoles or portable media players.
7. A method of operating an SDExpress memory device, the method comprising: booting the SDExpress memory device in a Secure Digital operational mode; locking the SDExpress memory device in the Secure Digital operational mode; in response to locking the SDExpress memory device in the Secure Digital operational mode, storing a Secure Digital mode password in a security data structure comprising the Secure Digital mode password and a password length; booting the SDExpress memory device in a non-volatile memory express (NVMe) operational mode; and transforming the Secure Digital mode password to an NVMe mode password based on the password length.
8. The method of claim 7, further comprising: writing the NVMe mode password to Advanced Technology Attachment (ATA) password hidden blocks accessible to the SDExpress memory device in the NVMe operational mode.
9. The method of claim 7, further comprising: on condition that the password length is not equal to 32 bytes, reading the Secure Digital mode password from Secure Digital mode password hidden blocks and appending to the Secure Digital mode password a number of zeros equal to a difference between 32 and the password length.
10. The method of claim 7, further comprising: on condition that the password length is equal to 32 bytes, transforming the Secure Digital mode password to an Advanced Technology Attachment (ATA) security protocol password and applying the ATA security protocol password to unlock the SDExpress memory device.
11. The method of claim 7, wherein transforming the Secure Digital mode password further comprises: reading a lock status for the Secure Digital operational mode from the security data structure located in a Secure Digital mode password hidden block.
A method for managing security in a storage device, particularly for handling password transformations in a Secure Digital (SD) operational mode. The method addresses the need for secure and efficient password management in storage devices, ensuring that sensitive data remains protected while allowing authorized access. The invention involves transforming a password for the SD mode by reading a lock status from a security data structure stored in a hidden block of the storage device. This hidden block is specifically designated for storing the SD mode password and its associated security information. The lock status indicates whether the SD mode is currently locked or unlocked, providing an additional layer of security control. By accessing this status, the method ensures that the password transformation process adheres to the current security state of the device, preventing unauthorized access or modifications. The method integrates with broader security protocols, including those for other operational modes, to maintain consistent and robust protection across the storage device. This approach enhances security by centralizing and securing critical password-related data in a dedicated hidden block, reducing the risk of tampering or unauthorized access. The method is particularly useful in environments where secure data storage and access control are paramount, such as in enterprise or high-security applications.
12. The method of claim 11, further comprising: on condition that the lock status indicates that the SDExpress memory device is locked, reading the password length from the Secure Digital mode password hidden block.
13. The method of claim 7, further comprising: the SDExpress memory device mapping system memory areas storing a media key block and a media identifier in the Secure Digital operational mode to a first replay-protected memory block and a second replay-protected memory block, respectively, in the NVMe operational mode.
14. The method of claim 13, the SDExpress memory device further mapping a protected memory area storing an encrypted title key in the Secure Digital operational mode to a third replay-protected memory block in the NVMe operational mode.
15. A solid state drive comprising: a SDExpress memory device; a host device interface operable in either of a Secure Digital operational mode and a non-volatile memory express (NVMe) operational mode; and a controller coupled to the SDExpress memory device, the controller configured to: boot the solid state drive in the Secure Digital operational mode; in response to locking the solid state drive in the Secure Digital operational mode, storing a Secure Digital mode password in Secure Digital mode password hidden blocks comprising the Secure Digital mode password and a password length; boot the solid state drive in the NVMe operational mode; and in response to determining that the solid state drive was locked in the Secure Digital operational mode, transform the Secure Digital mode password to an NVMe mode password based on the password length, wherein the transformed password enables user-mode memory blocks that were locked in Secure Digital operational mode to be accessed in NVMe operational mode.
16. The solid state drive of claim 15, wherein transforming the Secure Digital mode password further comprises: reading a lock status for the Secure Digital operational mode from a security data structure located in a Secure Digital mode password hidden block.
17. The solid state drive of claim 16, the controller further configured to: on condition that the lock status indicates that the solid state drive is locked, read the password length from the Secure Digital mode password hidden block.
A solid state drive (SSD) includes a controller configured to manage access control by reading a password length from a hidden block in Secure Digital (SD) mode. The SSD operates in a locked state, where access is restricted unless a correct password is provided. The controller reads the password length from a specific hidden block designated for storing password-related data in SD mode, ensuring secure and efficient access control. This feature prevents unauthorized access by verifying the password length before further authentication steps, enhancing security in storage devices. The hidden block is inaccessible under normal operating conditions, ensuring that the password length remains protected from tampering or unauthorized reading. The controller's configuration ensures that the SSD remains locked until the correct password is provided, maintaining data integrity and security. This approach is particularly useful in environments where secure data storage is critical, such as enterprise systems or portable devices. The hidden block's structure and the controller's logic ensure that the password length is retrieved only when necessary, reducing the risk of exposure. The SSD's design integrates seamlessly with existing storage protocols while providing robust security measures.
18. The solid state drive of claim 15, the controller further configured to: write the NVMe mode password to Advanced Technology Attachment (ATA) password hidden blocks accessible to the solid state drive in the NVMe operational mode.
19. The solid state drive of claim 15, the controller further configured to: on condition that the password length is equal to 32 bytes, transforming the Secure Digital mode password to an Advanced Technology Attachment (ATA) security protocol password and applying the ATA security protocol password to unlock the solid state drive.
This invention relates to solid state drives (SSDs) with enhanced security features, specifically addressing the challenge of compatibility between different password-based security protocols. The SSD includes a controller that manages access control by verifying passwords before allowing data access. The controller is configured to handle passwords of varying lengths, particularly focusing on 32-byte passwords used in Secure Digital (SD) mode. When a 32-byte password is provided, the controller converts it into a format compatible with the Advanced Technology Attachment (ATA) security protocol. This transformation ensures that the SSD can be unlocked using the ATA protocol, even when the original password adheres to SD mode specifications. The conversion process allows seamless interoperability between different security protocols, enabling the SSD to function across systems that may require either SD or ATA password formats. This solution simplifies user access while maintaining robust security, as the controller dynamically adapts the password format based on the specified length. The invention ensures that SSDs remain secure yet flexible, accommodating diverse security requirements without compromising performance or usability.
20. The solid state drive of claim 15, the controller further configured to: on condition that the password length is not equal to 32 bytes, read the Secure Digital mode password from the Secure Digital mode password hidden blocks and append to the Secure Digital mode password a number of zeros equal to a difference between 32 and the password length.
A solid state drive (SSD) includes a controller configured to manage password-based security features, particularly for Secure Digital (SD) mode operation. The SSD stores a password in hidden blocks, and the controller is designed to handle passwords of varying lengths. When the password length is not exactly 32 bytes, the controller reads the password from the hidden blocks and appends zeros to the end of the password until its length reaches 32 bytes. This ensures compatibility with systems or protocols that require a fixed-length password, preventing errors or security vulnerabilities that could arise from mismatched password lengths. The controller may also perform other security-related functions, such as verifying the password or managing access to protected data based on the password. The SSD may include additional components like non-volatile memory and interfaces for data transfer, all managed by the controller to maintain secure and reliable operation. This approach simplifies password handling while ensuring system interoperability and security.
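The conversion recited in claims 7 to 12 and 20 (check the lock status, read the password length, zero-pad to 32 bytes) can be sketched in C as follows. This is an added example, not code from the patent: the structure layout and all names are hypothetical, and a 32-byte password is copied unchanged, which is an assumption because the claims do not detail that transform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATA_PWD_LEN 32u /* fixed length the claims pad to */

/* Hypothetical layout of the security data structure in the SD-mode password
 * hidden block; the claims name these fields but give no layout. */
struct sd_security {
    uint8_t locked;           /* lock status for SD operational mode */
    uint8_t pwd_len;          /* password length in bytes, at most 32 */
    uint8_t pwd[ATA_PWD_LEN]; /* only the first pwd_len bytes are valid */
};

enum conv_result { CONV_OK = 0, CONV_NOT_LOCKED = 1, CONV_BAD_LEN = -1 };

/* NVMe-mode boot step: derive the 32-byte ATA password from the SD one. */
int sd_to_ata_password(const struct sd_security *sd, uint8_t out[ATA_PWD_LEN])
{
    if (!sd->locked)
        return CONV_NOT_LOCKED;      /* length is read only when locked */
    if (sd->pwd_len > ATA_PWD_LEN)
        return CONV_BAD_LEN;         /* corrupt length: reject before copying */
    memset(out, 0, ATA_PWD_LEN);     /* the appended 32 - pwd_len zeros */
    memcpy(out, sd->pwd, sd->pwd_len);
    return CONV_OK;
}

/* Constructed check: 1 if two SD passwords yield the same ATA password,
 * 0 if they differ, -1 if either conversion is rejected. */
int same_ata_password(const char *a, uint8_t alen, const char *b, uint8_t blen)
{
    struct sd_security x = { 1, alen, {0} }, y = { 1, blen, {0} };
    uint8_t ox[ATA_PWD_LEN], oy[ATA_PWD_LEN];
    if (alen > ATA_PWD_LEN || blen > ATA_PWD_LEN)
        return -1;
    memcpy(x.pwd, a, alen);
    memcpy(y.pwd, b, blen);
    if (sd_to_ata_password(&x, ox) != CONV_OK || sd_to_ata_password(&y, oy) != CONV_OK)
        return -1;
    return memcmp(ox, oy, ATA_PWD_LEN) == 0;
}

int main(void)
{
    /* Constructed sample passwords, not values from the page. */
    printf("distinct: %d\n", same_ata_password("abc", 3, "abd", 3));
    printf("trailing zero byte: %d\n", same_ata_password("abc", 3, "abc\0", 4));
    return 0;
}
```

Because the length is not carried into the 32-byte result, two SD passwords that differ only in trailing zero bytes convert to the same ATA password, which the second call in `main` shows.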
March 30, 2021